I’m configuring a couple of notebooks for a very specific function out in the field.
What I’m trying to do may sound a little over-authoritative, but these machines are being sent out for business use only and it’s quite important that they remain in working order - in the past, I’ve found that machines that are out of sight of the office tend to get all sorts of stuff installed on them and that this can generate support calls when/if the installed software (particularly AOL disks and screensavers) starts to interfere with the normal operation of the machine.
They are refurbished Thinkpad 600s (not state of the art, but perfectly adequate to the task); they have built-in CDROM drives and will have an internet connection for email and data transfer.
I need to permit the transfer of files, but I need to find some way to prevent unauthorised new applications being installed (It doesn’t much matter if someone can download stuff as long as I can prevent it being installed).
For the past few years in my school district, we’ve used FoolProof on all pre-Windows 2000 client machines. You can check it out at SmartStuff’s website.
Generally we’ve been happy with FoolProof, although it can and has interfered with some older DOS-based programs and poorly written 16-bit packages.
As for increasing the security/control of those Win98 laptops without a third-party program: we’ve never been able to figure out an easy, workable solution; which is why, of course, we turned to FoolProof.
Win98 basically has no security, MS wasn’t lying about that part. My college uses this: http://www.deepfreezeusa.com/
It’s a program that not only prevents people from installing anything, it also limits their on-disk storage space to one particular partition, and can be set to erase that partition every time it reboots.
~
I’m not sure, but have a look at the windows policy editor - part of the resourcekit that comes with windows. It can prevent the user from changing display settings start menus etc, so it may also be able to prevent installs.
Check out a software package called TrackIt. It does a software audit on computers.
Have your users sign an agreement that states they will not install software on the machines, and that they understand that it is a violation of company policy if they do. Do an audit when the machine goes out. Do one when it comes back. Fire the user if there is more software on it when it comes back.
We just went through this a while back and after the second head rolled, we had no more problems.
Ahh, a Win98 security question, so of course the first place I think to look is… Novell. (Specifically the zenworks cool solutions site. Many of the solutions listed do not require any Novell products at all, or can at least be used in some modified form)
After a quick look through policy editor, I don’t see a way to disable installs, but there is an entry to “only run allowed Windows applications”. I haven’t tested this, but it may be what you are looking for.
Of course, anyone who knows how to run poledit can undo these changes once they’ve got the machine.
I know of someone who was fired for losing a file and not having made a backup as per company policy (lots of work-hours lost). Yep, I bet the rest of employees will now make sure they make backups in time. Rolling heads are a good reminder of what not to do. I forget who said it: “We hang men not for stealing horses but so that horses are not stolen”.
